diff options
| author | Nihad Abbasov <narkoz.2008@gmail.com> | 2012-09-26 22:17:17 +0400 |
|---|---|---|
| committer | Nihad Abbasov <narkoz.2008@gmail.com> | 2012-09-26 22:18:35 +0400 |
| commit | 83efcabc829083f11553df0f1eb67a8fbbc3e000 (patch) | |
| tree | 2017dc24ab9630ad9a227dffde27550ededcc92f /spec | |
| parent | 4629cc44d6b7fa7ebdec8ce47bb0825e255d7763 (diff) | |
set activerecord whitelist_attributes to true
Diffstat (limited to 'spec')
| -rw-r--r-- | spec/models/issue_spec.rb | 5 | ||||
| -rw-r--r-- | spec/models/key_spec.rb | 5 | ||||
| -rw-r--r-- | spec/models/merge_request_spec.rb | 5 | ||||
| -rw-r--r-- | spec/models/milestone_spec.rb | 4 | ||||
| -rw-r--r-- | spec/models/note_spec.rb | 5 | ||||
| -rw-r--r-- | spec/models/project_spec.rb | 5 | ||||
| -rw-r--r-- | spec/models/protected_branch_spec.rb | 4 | ||||
| -rw-r--r-- | spec/models/snippet_spec.rb | 5 | ||||
| -rw-r--r-- | spec/models/user_spec.rb | 31 | ||||
| -rw-r--r-- | spec/models/users_project_spec.rb | 4 | ||||
| -rw-r--r-- | spec/models/web_hook_spec.rb | 4 | ||||
| -rw-r--r-- | spec/models/wiki_spec.rb | 5 |
12 files changed, 56 insertions, 26 deletions
diff --git a/spec/models/issue_spec.rb b/spec/models/issue_spec.rb index 34192da94ad..099c41985cb 100644 --- a/spec/models/issue_spec.rb +++ b/spec/models/issue_spec.rb @@ -5,6 +5,11 @@ describe Issue do it { should belong_to(:milestone) } end + describe "Mass assignment" do + it { should_not allow_mass_assignment_of(:author_id) } + it { should_not allow_mass_assignment_of(:project_id) } + end + describe "Validation" do it { should ensure_length_of(:description).is_within(0..2000) } it { should ensure_inclusion_of(:closed).in_array([true, false]) } diff --git a/spec/models/key_spec.rb b/spec/models/key_spec.rb index 85cd291d681..3ccfdf034de 100644 --- a/spec/models/key_spec.rb +++ b/spec/models/key_spec.rb @@ -6,6 +6,11 @@ describe Key do it { should belong_to(:project) } end + describe "Mass assignment" do + it { should_not allow_mass_assignment_of(:project_id) } + it { should_not allow_mass_assignment_of(:user_id) } + end + describe "Validation" do it { should validate_presence_of(:title) } it { should validate_presence_of(:key) } diff --git a/spec/models/merge_request_spec.rb b/spec/models/merge_request_spec.rb index 523e823de34..a54849240ae 100644 --- a/spec/models/merge_request_spec.rb +++ b/spec/models/merge_request_spec.rb @@ -6,6 +6,11 @@ describe MergeRequest do it { should validate_presence_of(:source_branch) } end + describe "Mass assignment" do + it { should_not allow_mass_assignment_of(:author_id) } + it { should_not allow_mass_assignment_of(:project_id) } + end + describe 'modules' do it { should include_module(IssueCommonality) } it { should include_module(Votes) } diff --git a/spec/models/milestone_spec.rb b/spec/models/milestone_spec.rb index f0f0f88303f..9c11a7b1043 100644 --- a/spec/models/milestone_spec.rb +++ b/spec/models/milestone_spec.rb @@ -6,6 +6,10 @@ describe Milestone do it { should have_many(:issues) } end + describe "Mass assignment" do + it { should_not allow_mass_assignment_of(:project_id) } + end + describe "Validation" do it { should validate_presence_of(:title) } it { should validate_presence_of(:project_id) } diff --git a/spec/models/note_spec.rb b/spec/models/note_spec.rb index 7809953f5b3..34493a1117d 100644 --- a/spec/models/note_spec.rb +++ b/spec/models/note_spec.rb @@ -7,6 +7,11 @@ describe Note do it { should belong_to(:author).class_name('User') } end + describe "Mass assignment" do + it { should_not allow_mass_assignment_of(:author) } + it { should_not allow_mass_assignment_of(:author_id) } + end + describe "Validation" do it { should validate_presence_of(:note) } it { should validate_presence_of(:project) } diff --git a/spec/models/project_spec.rb b/spec/models/project_spec.rb index 756f69ded56..c313b58ecd6 100644 --- a/spec/models/project_spec.rb +++ b/spec/models/project_spec.rb @@ -17,6 +17,11 @@ describe Project do it { should have_many(:protected_branches).dependent(:destroy) } end + describe "Mass assignment" do + it { should_not allow_mass_assignment_of(:owner_id) } + it { should_not allow_mass_assignment_of(:private_flag) } + end + describe "Validation" do let!(:project) { create(:project) } diff --git a/spec/models/protected_branch_spec.rb b/spec/models/protected_branch_spec.rb index 9180bc3bca6..4b2923624dd 100644 --- a/spec/models/protected_branch_spec.rb +++ b/spec/models/protected_branch_spec.rb @@ -5,6 +5,10 @@ describe ProtectedBranch do it { should belong_to(:project) } end + describe "Mass assignment" do + it { should_not allow_mass_assignment_of(:project_id) } + end + describe 'Validation' do it { should validate_presence_of(:project_id) } it { should validate_presence_of(:name) } diff --git a/spec/models/snippet_spec.rb b/spec/models/snippet_spec.rb index ffb861c4910..66c36e51ec7 100644 --- a/spec/models/snippet_spec.rb +++ b/spec/models/snippet_spec.rb @@ -7,6 +7,11 @@ describe Snippet do it { should have_many(:notes).dependent(:destroy) } end + describe "Mass assignment" do + it { should_not allow_mass_assignment_of(:author_id) } + it { should_not allow_mass_assignment_of(:project_id) } + end + describe "Validation" do it { should validate_presence_of(:author_id) } it { should validate_presence_of(:project_id) } diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb index 14a373e10a5..b77d88783f4 100644 --- a/spec/models/user_spec.rb +++ b/spec/models/user_spec.rb @@ -15,6 +15,11 @@ describe User do it { should have_many(:assigned_merge_requests).dependent(:destroy) } end + describe "Mass assignment" do + it { should_not allow_mass_assignment_of(:projects_limit) } + it { should allow_mass_assignment_of(:projects_limit).as(:admin) } + end + describe 'validations' do it { should validate_presence_of(:projects_limit) } it { should validate_numericality_of(:projects_limit) } @@ -73,30 +78,4 @@ describe User do user.authentication_token.should_not be_blank end end - - describe "attributes can be changed by a regular user" do - before do - @user = Factory :user - @user.update_attributes(skype: "testskype", linkedin: "testlinkedin") - end - it { @user.skype.should == 'testskype' } - it { @user.linkedin.should == 'testlinkedin' } - end - - describe "attributes that shouldn't be changed by a regular user" do - before do - @user = Factory :user - @user.update_attributes(projects_limit: 50) - end - it { @user.projects_limit.should_not == 50 } - end - - describe "attributes can be changed by an admin user" do - before do - @admin_user = Factory :admin - @admin_user.update_attributes({ skype: "testskype", projects_limit: 50 }, as: :admin) - end - it { @admin_user.skype.should == 'testskype' } - it { @admin_user.projects_limit.should == 50 } - end end diff --git a/spec/models/users_project_spec.rb b/spec/models/users_project_spec.rb index 33cb358e7bd..a13a08db17a 100644 --- a/spec/models/users_project_spec.rb +++ b/spec/models/users_project_spec.rb @@ -6,6 +6,10 @@ describe UsersProject do it { should belong_to(:user) } end + describe "Mass assignment" do + it { should_not allow_mass_assignment_of(:project_id) } + end + describe "Validation" do let!(:users_project) { create(:users_project) } diff --git a/spec/models/web_hook_spec.rb b/spec/models/web_hook_spec.rb index 3cba5b64ff0..422d67cf016 100644 --- a/spec/models/web_hook_spec.rb +++ b/spec/models/web_hook_spec.rb @@ -5,6 +5,10 @@ describe ProjectHook do it { should belong_to :project } end + describe "Mass assignment" do + it { should_not allow_mass_assignment_of(:project_id) } + end + describe "Validations" do it { should validate_presence_of(:url) } diff --git a/spec/models/wiki_spec.rb b/spec/models/wiki_spec.rb index de6ce426331..1e27954cb84 100644 --- a/spec/models/wiki_spec.rb +++ b/spec/models/wiki_spec.rb @@ -7,6 +7,11 @@ describe Wiki do it { should have_many(:notes).dependent(:destroy) } end + describe "Mass assignment" do + it { should_not allow_mass_assignment_of(:project_id) } + it { should_not allow_mass_assignment_of(:user_id) } + end + describe "Validation" do it { should validate_presence_of(:title) } it { should ensure_length_of(:title).is_within(1..250) } |